Accredited Independent Testing Validates Telos Risk Management Framework’s Capability to Assess Federal Agencies
ASHBURN, Va. – January 4, 2011 – Telos® Corporation’s Xacta® IA Manager framework has received its second Security Content Automation Protocol (SCAP) validation by independent testing based on National Institute of Standards and Technology (NIST) evaluation criteria. Xacta IA Manager’s Continuous Assessment and Xacta HostInfo were validated against the Federal Core Desktop Configuration (FDCC) Scanner capability. The SCAP validation process evaluates IA products against federally defined standards and capabilities. Validated products are needed to effectively automate vulnerability management, configuration measurement and policy compliance evaluation, including FDCC compliance.
With its risk management experience, Telos lends a level of breadth and maturity to the SCAP-based vulnerability and compliance market. Xacta IA Manager, Telos’ specialized information assurance solution, automates NIST, Department of Defense (DOD), intelligence and other federal agencies’ critical infrastructure security authorization and management requirements, and facilitates the automation of FDCC compliance scanning. Telos has integrated SCAP at the host level, whereby Xacta HostInfo, a component within the Xacta IA Manager framework, checks the compliance state of a particular host. Telos customers of both Xacta Assessment Engine and Xacta Continuous Assessment can leverage HostInfo to execute SCAP-validated FDCC Scanning features. Xacta Assessment Engine customers can operate Xacta HostInfo in utility mode via the command line interfact (CLI) or the graphical user interface (GUI). Xacta Continuous Assessment customers can use the CLI and the GUI utility modes as well as operate Xacta HostInfo in agent mode. This agent mode of operation supplies the other Xacta Continuous Assessment components with automated, scheduled updates to support vulnerability, configuration, and patch management status and reporting.
“Telos believes in SCAP and continuously supports the standards by building them into Xacta products to better serve all of our clients,” said Justin Furniss, director of product management for Telos. “Our risk management framework has always focused on simplifying and automating security authorization processes when possible. The SCAP standards are great because they simplify the assessment and results mapping for independent testing, especially in regards to the NIST 800-37 and the DoD Information Assurance Certification and Accreditation Process, or DIACAP (DOD 8500.2).
“Our implementation of SCAP allows the automated collection of security information and for that information to be integrated into our risk management framework in a way that is truly unique,” said Furniss. “In addition to this SCAP validation, we are excited to continue our involvement in the evolution of the SCAP standards and to implement them to provide better solutions to our customers’ problems.”
Xacta IA Manager has IT-GRC capabilities that include security assessment, risk management, compliance, and certification and accreditation (C&A) automation features that meet more than 150 leading regulations and policies and more than 9,500 requirements and controls for IT risk compliance and management. Xacta IA Manager provides a continuous assessment that monitors and manages information security risks and aids in developing remediation plans to correct them.
Many federal agencies and commercial enterprises rely on Xacta IA Manager to continuously manage security compliance and risk as well as initiate corrective actions that are necessary to protect their systems. With a variety of flexible licensing options, Xacta IA Manager offers a full range of support, implementation and training services to ensure customers receive the maximum value and productivity from their security management solutions.
Currently, Xacta HostInfo supports Windows, MAC, Linux and Solaris platforms. This SCAP validation was performed on the Xacta IA Manager components processing data related to Windows XP and Windows Vista platforms. The testing was completed by Science Applications International Corporation’s (SAIC) SCAP testing laboratory, which is a NIST-accredited lab for the SCAP initiative. SCAP evaluations are performed annually. As NIST updates the validation program next year to address the United States Government Configuration Baseline (USGCB) settings, which cover both Windows and non-Windows platforms, Telos’ Xacta IA Manager components will be validated against the new platforms.
About Telos Corporation
Telos Corporation has provided innovative IT solutions and services to the federal government for more than 30 years, focusing since 1997 on cybersecurity. Telos solutions ensure that the government’s most security-conscious organizations comply with demanding federal and DoD information security mandates. Offerings includeXacta® IA Manager for enterprise IT security management, enterprise security consulting services, secure networks, secure enterprise messaging, and secure identity management solutions. Solutions are represented to the federal government on Telos’ GSA schedule. For more information, visit https://www.telos.com/.